In article <kps4fv$33j$1 at softins.clara.co.uk>, Tony Mountifield <tony at softins.co.uk> wrote: > I want to use fail2ban on CentOS 6 to monitor Apache with the standard > default logfile format ("combined"). Has anyone here succeeded in doing so? > > The format has the IP at the start of the line, followed by two dashes > (if no authentication) and THEN the timestamp. What I've read on the > fail2ban wiki seems to say that the timestamp must ALWAYS be at the start > of the line, followed by other stuff. I'm amazed if it isn't configurable... > > I'm using fail2ban 0.8.8 from EPEL. OK, it turns out that despite what it says in the wiki, recent versions of fail2ban do allow a non-anchored timestamp match and will preserve the part of the line before the timestamp. My problem was actually in the failregex. All working now. Cheers Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org